"The [Information] Commissioner believes that in a number of areas the proposal is unnecessarily and unhelpfully over-prescriptive. This poses challenges for its practical application and risks developing a 'tick box' approach to data protection compliance," the ICO said in a statement.

The proposals that the ICO welcomed included the introduction of the individual's right to move their data from one provider to another, and the mandatory requirement for organisations to notify authorities and affected citizens of a data breach.

It is not surprising that the ICO also welcomed the EC's proposals for a strengthening of the powers of data protection authorities.

However, the ICO said that the EC failed to fully recognise the reality of international transfer of personal data. It believed that "further thought" was required on extending the scope of data protection obligations to any processing that is directed at people in the EU, as it did not provide a clear indication of how the regulations would be enforced outside Europe.

The ICO is also concerned about the EC's separate proposal for a new directive regarding the processing of personal data by law enforcement authorities.

"He [the Information Commissioner] is concerned that in an area where the processing of personal data can have a particularly adverse impact on individuals, the Commission's proposals are much less ambitious," the ICO said.

"He believes that a high level of data protection that, as with the current UK data protection act, is equally applicable across all sectors is required and hopes that these provisions will be strengthened as negotiations progress."